Exporting CP firewall-1 rulebase and objects

[spidey07]

I'm doing a pretty big conversion from Checkpoint Firewall-1 to a four piece cisco pix 525 solution. The rulebase is pretty large and contains hundreds of network and group objects.

Anybody know how to get some kind of text export of the rulebase and all objects? I'd hate to have to use policy editor to manually record every single object/rule. There has to be an easier way...I need a good text list so I can start configuring the pix as well as assist in the overal design.

thanks in advanced - No more CPFW1 support because it is getting replaced.

 

[n0cmonkey]

I dont have an answer for you, but maybe phoneboy does. Also, what version of FW-1?

EDIT: Just did a quick search.

 

[spidey07]

Thanks monkey. Vesion is patched out 4.1.

Want me to send you the objects and rulebase so you can run the tools on them?






























NOT!

 

[n0cmonkey]

I try not to touch FW1. The link help?

 

[Garion]

The only flavor of CP that I play with is the Nokias. Cool beans. Of course, I definitely prefer PIX, but you have to have a layered defense..

In any case, check this tool.

- G

 

[SR]

Why are you sad in replacing FW-1? NG is a little better but worse than a pix.

 

[n0cmonkey]

Originally posted by: SR
Why are you sad in replacing FW-1? NG is a little better but worse than a pix.

I think he was sad about not having support, but Im not sure.

 

[spidey07]

Got tired of all the things you CAN'T do with checkpoint. That and very, very, very poor support.

So, we're putting in pix based on - support, existing management and security tools, flexibility.
First off being support.

Thanks for all the links fellas.

 

[spidey07]

WOW. All I can say is WOW.:Q

There is a tool on phoneboys website called "fw1rules.pl" that is incredible. You privide it objects.C and your rulebase and it generates a single HTML page with EVERYTHING. Linked within the page. All rules, objects, security policies, groups, services. Everything.

Anybody using FW1 products MUST have this tool. It gives a perfect documentation of your firewall. just amazing.

Thanks for the links Monkey. Made an impossible task of documenting firewalls into a 5 minute task of running a script.

Run FW1? Get this tool now.

 

[n0cmonkey]

Glad I could help, phoneboy is a lifesaver for FW1 information.